I am not sure if this is influence of new year party … but be so kind and tell me how to implement HTTPS hyperlink on internal FW page? Should I use Edit/Hyperlink/External and refer to internal page via https protocol? The background of the question - I want to have page with form submitted via https.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
This requires a bit more than using https in the link. Your server has to be configured with a security certificate, and you usually buy those for a separate subdomain from your main site (although it’s becoming more and more popular to just put the entire site into secure mode and be done with it). If you do go the subdomain route, then your links have to be to https://somesecuresubdomain.example.com/someresource.html and the like, and you have to set up an entirely separate Apache server to handle those secure requests. If you don’t go the subdomain route, then you still need to configure your main site to be secure, and add a redirect from non-secure (bookmarks, someone just typing in your URL) to the secure URL.
Your hosting provider is the first place to look. Many allow you to “share” a certificate for a bit less than buying your own. I get mine from RapidSSL, and they are cheap and fast and have great support. I’ve been configuring Unix servers since 1995 or so, so I have a lot more experience with the server side of things. But many cPanel installations will automate this to the point that it’s a button press and a few forms to fill out.
Once you do have this done, there used to be an Action to automate setting up links in and out of a secure domain. I can’t find it in the Forge, so if anyone else reads this who remembers, please pipe up!
Walter
On Jan 2, 2013, at 8:08 PM, Tomek wrote:
I am not sure if this is influence of new year party … but be so kind and tell me how to implement HTTPS hyperlink on internal FW page? Should I use Edit/Hyperlink/External and refer to internal page via https protocol? The background of the question - I want to have page with form submitted via https.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Walter,
thank you for the explanation. I also was not able to find an action for granular (HTTP/HTTPS) link definition. Therefore for the moment I developed some sort of server-based work around.
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
where “dir” is particular directory name.
Of course it works only with Apache
freewaytalk mailing list
email@hidden
Update your subscriptions at:
http://freewaytalk.net/person/options
Having recently setup HTTPS using Let’s Encrypt (free), I am now scrutinizing FreewayTalk trying to figure out how to easily fix the HTTP links to be HTTPS.
I found Walter’s Action here:
http://actionsforge.com/actions/https-cdn-helper
Unfortunately, it does nothing for me since the Protaculous 2 action already has a checkbox for “Use HTTPS links to Google CDN.”
For example, when I load my site via HTTPS in Safari, I see these page errors:
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js.
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. (en, line 288)
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. (en, line 288)
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff.
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf.
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf.
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg.
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects.
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js.
[Warning] The page at https://www.visionsecurity.jp/en/ contains a form which targets an insecure URL http://visionsecurity.jp/en/search_results.html. (en, line 306)
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff. (analytics.js, line 30)
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf. (analytics.js, line 30)
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf. (analytics.js, line 30)
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg. (analytics.js, line 30)The Caxton action handles my web fonts, but links to HTTPS only.
The Carousel action uses the Freeway CDN, which is HTTPS only.
Then there are other of Walter’s actions on the page that link to: http://ajax.googleapis.com/ajax/libs/
I can fix the FORM error simply by changing HTTP to HTTP, but the others contained inside Actions are a problem. Is there no way to fix everything in one fell swoop?
I suppose I could host everything on my server instead of using any CDN’s (which I prefer, actually), but these things are hard coded into each Action, preventing me from doing so.
Any thoughts would be appreciated.
Thanks,
James Wages
freewaytalk mailing list
email@hidden
Update your subscriptions at:
There is no harm putting the CDN helper on the page, and it may help. The issue appears to be coming from Carousel 2, which does not have the option to turn on HTTPS. I just revved the CDN Helper Action to change the URLs for the FreewayPro CDN as well.
Walter
On Jan 19, 2017, at 9:51 PM, JDW email@hidden wrote:
Having recently setup HTTPS using Let’s Encrypt (free), I am now scrutinizing FreewayTalk trying to figure out how to easily fix the HTTP links to be HTTPS.
I found Walter’s Action here:
HTTPS CDN Helper - ActionsForge
Unfortunately, it does nothing for me since the Protaculous 2 action already has a checkbox for “Use HTTPS links to Google CDN.”
For example, when I load my site via HTTPS in Safari, I see these page errors:
[Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js. > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. (en, line 288) > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. (en, line 288) > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff. > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf. > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf. > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg. > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. > > [Warning] The page at https://www.visionsecurity.jp/en/ contains a form which targets an insecure URL http://visionsecurity.jp/en/search_results.html. (en, line 306) > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff. (analytics.js, line 30) > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf. (analytics.js, line 30) > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf. (analytics.js, line 30) > > [Warning] [blocked] The page at https://www.visionsecurity.jp/en/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg. (analytics.js, line 30)The Caxton action handles my web fonts, but links to HTTPS only.
The Carousel action uses the Freeway CDN, which is HTTPS only.
Then there are other of Walter’s actions on the page that link to: http://ajax.googleapis.com/ajax/libs/
I can fix the FORM error simply by changing HTTP to HTTP, but the others contained inside Actions are a problem. Is there no way to fix everything in one fell swoop?
I suppose I could host everything on my server instead of using any CDN’s (which I prefer, actually), but these things are hard coded into each Action, preventing me from doing so.
Any thoughts would be appreciated.
Thanks,
James Wages
freewaytalk mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk
freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options
Many thanks for the 0.3 action update, Walter. But when I add it to my top page and then try to Publish, a small dialog appears that says the following:
HTTPS CDN Helper
"index_domloaded.js"
Abort... OKAnd when I click the OK button on that dialog, another appears:
“http://kiramek.com/cookiejar.js”
And then another:
“https://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js”
Those 3 dialogs appear each and every time I Publish or Upload.
Despite those dialogs, I kept your action applied to my top page and uploaded then loaded the HTTPS version in Safari:
I still get 14 errors though (i.e., no change from before):
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. (visionsecurity.jp, line 311)
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. (visionsecurity.jp, line 311)
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js.
[Warning] The page at https://visionsecurity.jp/ contains a form which targets an insecure URL http://visionsecurity.jp/jp/search_results.html. (visionsecurity.jp, line 331)
freewaytalk mailing list
email@hidden
Update your subscriptions at:
Well, this is turning out to be living hell. My YouTube Action links to HTTP too, so the content won’t appear in the browser.
The only reason I went to all the trouble of setting up a certificate for SSL in the first place is because I read Google is going to play the ranking game with sites that don’t have HTTPS. But despite my having setup the certificate, it’s all in vain if my Actions continue to link to HTTP and break my pages.
What a mess!
James W.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
I’ve managed to get the errors down from 14 to only 13 now:
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. (visionsecurity.jp, line 308)
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. (visionsecurity.jp, line 308)
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.woff.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.ttf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.otf.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to display insecure content from http://www.kiramek.com/fonts/Display%20Black.svg.
I’ve written Paul Dunning about his Caxton action (allows web fonts), so maybe that will prove a solution for nearly half of the errors. But again, despite the fact I am using version 0.3 of the “https-cdn-helper” action, as you can see, there are still errors. And on top of that, it kicks out those 3 dialog boxes repeatedly every time I publish or upload.
Any thoughts?
James Wages
freewaytalk mailing list
email@hidden
Update your subscriptions at:
Walter, there appears to be a serious bug in your version 0.3 action. I took a look inside and there is no reference to Google at all. Your version 0.2 action did have a reference to Google. And although your new 0.3 action makes reference to the Freeway CDN (converting it to cloudfront), when I use your action on my page, upload, then check the HTML, there is no reference to cloudfront in the HTML at all.
Here’s a slightly modified version of your action that puts a checkbox in the Actions palette to allow the user to mute those annoying dialog boxes, but I am not sure how to modify it to fix the Freeway CDN problem and too add Google:
<action-encoding>UTF-8</action-encoding>
<page-action name="https_cdn_helper" title="HTTPS CDN Helper">
<action-version version="0.4">
HTTPS CDN Helper
Copyright 2013, 2014 Walter Davis Studio
</action-version>
<action-checkbox name="secure" title="Use HTTPS links to Google or FreewayPro CDN" default="no" />
<action-checkbox name="alerbox" title="Show altered URLs." default="no" />
<action-javascript>
function fwAfterEndHTML(){
var scripts = fwDocument.fwTags.fwFindAll('script');
for (var i = scripts.length - 1; i >= 0; i--){
var script = scripts[i];
if(fwParameters['secure'].fwBoolValue && script.src){
if(fwParameters['alerbox'].fwBoolValue && script.src){
alert(script.src); }
script.src = script.src.toString().replace(/"http:/,'"https:').replace(/cdn.freewaypro.com/, 'dnk2vbhoq39rr.cloudfront.net');
}
};
var links = fwDocument.fwTags.fwFindAll('link');
for (var i = links.length - 1; i >= 0; i--){
var link = links[i];
if(fwParameters['secure'].fwBoolValue && link.href){
link.href = link.href.toString().replace(/"http:/,'"https:').replace(/cdn.freewaypro.com/, 'dnk2vbhoq39rr.cloudfront.net');
}
};
}
</action-javascript>
</page-action>I currently have the above version of the action applied to the top page of my site here:
Load that URL in Safari and press Opt-CMD-U to pull up the Console, then click the yellow Warnings (I see 5), and note:
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. (visionsecurity.jp, line 308)
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. (visionsecurity.jp, line 308)
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects.
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
That alert was left over debugging code, you could have just commented it out or deleted it. In order for this external action to work, the other Actions have to run at an earlier breakpoint in the publishing cycle. Carousel 2 and Protaculous 2 both run at fwAfterEndHTML. The CDN helper also does so. It’s hit-or-miss whether that will run after the other Actions have done their thing or not, and if it runs before them, then the effect is overwritten by the later Action. It worked when I tried it earlier, but then it didn’t work when I re-tried it just now. This has been a long-bemoaned problem with the Actions API, and I ended up writing a lot of code to work around it in my Font styling library code. I may dig some of that out and see if I can make it apply.
For now, the thing to do is to edit the other Actions, use a bulk find-and-replace to move their publish point from fwAfterEndHTML to fwBeforeEndHTML. You can simply substitute those terms blindly in the Actions and they will continue to work and the HTTPS CDN Action will then take full control. I’ve updated a new version with the alert removed and a change to the regular expression to make it more greedy (not sure, but it may have missed out on multiple addresses the way it was).
Walter
On Jan 22, 2017, at 8:28 PM, JDW email@hidden wrote:
Walter, there appears to be a serious bug in your version 0.3 action. I took a look inside and there is no reference to Google at all. Your version 0.2 action did have a reference to Google. And although your new 0.3 action makes reference to the Freeway CDN (converting it to cloudfront), when I use your action on my page, upload, then check the HTML, there is no reference to cloudfront in the HTML at all.
Here’s a slightly modified version of your action that puts a checkbox in the Actions palette to allow the user to mute those annoying dialog boxes, but I am not sure how to modify it to fix the Freeway CDN problem and too add Google:
<action-encoding>UTF-8</action-encoding> > <page-action name="https_cdn_helper" title="HTTPS CDN Helper"> > <action-version version="0.4"> > HTTPS CDN Helper > Copyright 2013, 2014 Walter Davis Studio > </action-version> > <action-checkbox name="secure" title="Use HTTPS links to Google or FreewayPro CDN" default="no" /> > <action-checkbox name="alerbox" title="Show altered URLs." default="no" /> > <action-javascript> > function fwAfterEndHTML(){ > var scripts = fwDocument.fwTags.fwFindAll('script'); > for (var i = scripts.length - 1; i >= 0; i--){ > var script = scripts[i]; > if(fwParameters['secure'].fwBoolValue && script.src){ > if(fwParameters['alerbox'].fwBoolValue && script.src){ > alert(script.src); } > script.src = script.src.toString().replace(/"http:/,'"https:').replace(/cdn.freewaypro.com/, 'dnk2vbhoq39rr.cloudfront.net'); > } > }; > var links = fwDocument.fwTags.fwFindAll('link'); > for (var i = links.length - 1; i >= 0; i--){ > var link = links[i]; > if(fwParameters['secure'].fwBoolValue && link.href){ > link.href = link.href.toString().replace(/"http:/,'"https:').replace(/cdn.freewaypro.com/, 'dnk2vbhoq39rr.cloudfront.net'); > } > }; > } > </action-javascript> > </page-action>I currently have the above version of the action applied to the top page of my site here:
Load that URL in Safari and press Opt-CMD-U to pull up the Console, then click the yellow Warnings (I see 5), and note:
[Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/prototype/1.7/prototype.js. > > [Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. (visionsecurity.jp, line 308) > > [Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. (visionsecurity.jp, line 308) > > [Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://ajax.googleapis.com/ajax/libs/scriptaculous/1.9/scriptaculous.js?load=effects. > > [Warning] [blocked] The page at https://visionsecurity.jp/ was not allowed to run insecure content from http://cdn.freewaypro.com/carousel2/0.1.11/carousel2.js. >
freewaytalk mailing list
email@hidden
Update your subscriptions at:
Information for existing FreewayTalk / Groups.io users - Site Feedback - Softpress Talk
freewaytalk mailing list
email@hidden
Update your subscriptions at:
https://freewaytalk.softpress.com/person/options
Hi Walter,
I switched to your new version of CDN Helper and then edited Protaculous and Carousel actions, swapping fwAfterEndHTML for fwBeforeEndHTML. So far so good. No more errors when using HTTPS now.
Thank you!
James W.
freewaytalk mailing list
email@hidden
Update your subscriptions at:
Just wanted to post this as a tip for others.
The HTTPS CDN Helper action won’t work on the Google Maps action built into Freeway. And when I opened the “Google Map.fwaction” (embedded inside the Freeway Pro app) inside TextWrangler, there are no “fwAfterEndHTML” lines to edit. So I edited the 3 “http://maps.googleapis…” lines to be “https://maps.googleapis” and then restarted Freeway and now it is working fine with HTTPS links.
–James Wages
freewaytalk mailing list
email@hidden
Update your subscriptions at: